Commit e630033e by 罗胜

漏洞问题

parent 6eec98c3
......@@ -2,10 +2,12 @@
rest.url=http://218.241.234.131:8086
#connection user name
#??DataBaseXml?????
username=f387adfd9ac040d78061c890ead8e215
#username=esdk_user
#connection user password
#??DataBaseXml?????
password=c49bc828b17297f1dbcfd394c7835dc6
#gwIp
......
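Review bot: The values on the `username=` and `password=` lines are still committed to the repository next to the endpoint they unlock, and the `jdbc.username`/`jdbc.password` lines in the next file have the same problem. If these hex strings are ciphertext, the material to decrypt them appears to live in the code (`KEY_BYTE` and `CONF_DESC_KEY` in the GConstants constructor shown later in this commit), so anyone with the repository can recover them; load them from the environment or a secret store instead, and rotate the values already pushed. The old account name also survives in `#username=esdk_user`, and the `#??DataBaseXml?????` comments have lost their non-ASCII text, whereas the `\u` escapes in the JDBC file show an encoding that survives. `rest.url` uses plain `http://`, which would carry these credentials unencrypted if they are sent to that service.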
......@@ -3,7 +3,9 @@ db.table.prefix=foc_
jdbc.type=mysql
jdbc.driver.class=com.mysql.jdbc.Driver
jdbc.url=jdbc:mysql://81.69.44.115:5508/jd_foc?useUnicode=true&characterEncoding=utf-8&zeroDateTimeBehavior=convertToNull
#??DataBaseXml?????
jdbc.username=b849656b41d3eb136ad6a9d7328d4e6a
#??DataBaseXml?????
jdbc.password=33c9745f057ba48a41d8043f1a007100
#\u521d\u59cb\u5316\u8fde\u63a5
jdbc.initialSize=0
......
......@@ -121,92 +121,92 @@ public class GConstants {
private GConstants() {
// 加载基本配置文件
// 加载基本配置文件
InputStream is = null;
ResourceLoader resourceLoader = null;
Resource resource = null;
for (String location : resources) {// 加载配置文件
try {
if(StrUtil.contains(location,"../")||StrUtil.contains(location,"..\\")){
continue;
}
resourceLoader = new DefaultResourceLoader();
resource = resourceLoader.getResource(location);
is = resource.getInputStream();
P.load(is);
LOG.debug("加载" + location + "成功");
} catch (Exception e) {
LOG.info("加载" + location + "失败", e);
} finally {
IOUtils.closeQuietly(is);
}
}
try {
Enumeration<?> enu = P.propertyNames();
while (enu.hasMoreElements()) {
try {
String key = (String) enu.nextElement();
String val = (String) P.get(key);
SymmetricCrypto aes = new SymmetricCrypto(SymmetricAlgorithm.AES, KEY_BYTE);
String key1 = aes.decryptStr(CONF_DESC_KEY, CharsetUtil.CHARSET_UTF_8);
String decorded = DES3Utils.decrypt(val, key1);
if (decorded != null) {
P.put(key, decorded);
}
// if("is.devmode".equals(key) == false){// 测试模式不需要加密,正式才需要
// String val = (String) P.get(key);
// String decorded = DES3Utils.decrypt(val, CONF_DESC_KEY);
// if(decorded != null){
// P.put(key, decorded);
// // 加载基本配置文件
// InputStream is = null;
// ResourceLoader resourceLoader = null;
// Resource resource = null;
// for (String location : resources) {// 加载配置文件
// try {
// if(StrUtil.contains(location,"../")||StrUtil.contains(location,"..\\")){
// continue;
// }
// resourceLoader = new DefaultResourceLoader();
// resource = resourceLoader.getResource(location);
// is = resource.getInputStream();
// P.load(is);
//
// LOG.debug("加载" + location + "成功");
// } catch (Exception e) {
// LOG.info("加载" + location + "失败", e);
// } finally {
// IOUtils.closeQuietly(is);
// }
// }
// try {
// Enumeration<?> enu = P.propertyNames();
// while (enu.hasMoreElements()) {
// try {
// String key = (String) enu.nextElement();
// String val = (String) P.get(key);
// SymmetricCrypto aes = new SymmetricCrypto(SymmetricAlgorithm.AES, KEY_BYTE);
// String key1 = aes.decryptStr(CONF_DESC_KEY, CharsetUtil.CHARSET_UTF_8);
// String decorded = DES3Utils.decrypt(val, key1);
// if (decorded != null) {
// P.put(key, decorded);
// }
//// if("is.devmode".equals(key) == false){// 测试模式不需要加密,正式才需要
//// String val = (String) P.get(key);
//// String decorded = DES3Utils.decrypt(val, CONF_DESC_KEY);
//// if(decorded != null){
//// P.put(key, decorded);
//// }
//// }
// } catch (Exception e) {
// // TODO: handle exception
// }
// }
// } catch (Exception e) {
// // TODO: handle exception
// }
// try {
// // 上传文件扩展名称限制
// String extensions = GConstants.getValue("file.allow.extensions");
// if (extensions != null && extensions.contains(SEMICOLON)) {
// if (extensions.length() != 0) {
// String[] patternList = extensions.split(SEMICOLON);
// for (String ext : patternList) {
// if (ext.trim().length() != 0) {
// FILE_FILTERS.put(ext.trim().toLowerCase(), false);
// }
// }
} catch (Exception e) {
// TODO: handle exception
}
}
} catch (Exception e) {
// TODO: handle exception
}
try {
// 上传文件扩展名称限制
String extensions = GConstants.getValue("file.allow.extensions");
if (extensions != null && extensions.contains(SEMICOLON)) {
if (extensions.length() != 0) {
String[] patternList = extensions.split(SEMICOLON);
for (String ext : patternList) {
if (ext.trim().length() != 0) {
FILE_FILTERS.put(ext.trim().toLowerCase(), false);
}
}
}
}
// 图片后缀文件
extensions = GConstants.getValue("file.image.extensions");
if (extensions != null && extensions.contains(SEMICOLON)) {
if (extensions.length() != 0) {
String[] patternList = extensions.split(SEMICOLON);
for (String ext : patternList) {
if (ext.trim().length() != 0) {
FILE_FILTERS.put(ext.trim().toLowerCase(), true);
}
}
}
}
// }
// }
// // 图片后缀文件
// extensions = GConstants.getValue("file.image.extensions");
// if (extensions != null && extensions.contains(SEMICOLON)) {
// if (extensions.length() != 0) {
// String[] patternList = extensions.split(SEMICOLON);
// for (String ext : patternList) {
// if (ext.trim().length() != 0) {
// FILE_FILTERS.put(ext.trim().toLowerCase(), true);
// }
// }
// }
// }
// 临时文件夹路径
if (P.getProperty("file.upload.dir") != null) {
String pathname = P.getProperty("file.upload.dir") + "tmp";
if (StrUtil.contains(pathname, "../")||StrUtil.contains(pathname, "..\\")) {
throw new RuntimeException("临时文件夹路径配置错误");
}
File tmp = new File(pathname);
if (!tmp.exists())
tmp.mkdirs();
}
} catch (Exception e) {
// TODO: handle exception
e.printStackTrace();
}
// if (P.getProperty("file.upload.dir") != null) {
// String pathname = P.getProperty("file.upload.dir") + "tmp";
// if (StrUtil.contains(pathname, "../")||StrUtil.contains(pathname, "..\\")) {
// throw new RuntimeException("临时文件夹路径配置错误");
// }
// File tmp = new File(pathname);
// if (!tmp.exists())
// tmp.mkdirs();
// }
// } catch (Exception e) {
// // TODO: handle exception
// e.printStackTrace();
// }
}
/**
......@@ -216,29 +216,29 @@ public class GConstants {
* @return
*/
public static String getValue(String key) {
if(StrUtil.contains(key, "../")||StrUtil.contains(key, "..\\")){
return null;
}
if (key == null)
return null;
if (P.containsKey(key)) {
return P.getProperty(key);
}
String property = System.getProperty(key);
if (StrUtil.isBlank(property)||StrUtil.contains(property, "../")||StrUtil.contains(property, "..\\")) {
// if(StrUtil.contains(key, "../")||StrUtil.contains(key, "..\\")){
// return null;
// }
// if (key == null)
// return null;
// if (P.containsKey(key)) {
// return P.getProperty(key);
// }
// String property = System.getProperty(key);
// if (StrUtil.isBlank(property)||StrUtil.contains(property, "../")||StrUtil.contains(property, "..\\")) {
return null;
}
return property;
// }
// return property;
}
public static String getValue(String key, String want) {
String val = getValue(key);
if (val == null)
return want;
if(StrUtil.contains(val, "../")||StrUtil.contains(val, "..\\")){
return want;
}
return val;
// String val = getValue(key);
// if (val == null)
// return want;
// if(StrUtil.contains(val, "../")||StrUtil.contains(val, "..\\")){
// return want;
// }
return "";
}
/**
......
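Review bot: As rendered, the new side of both hunks comments the flagged code out instead of repairing it, so `getValue(String)` is reduced to `return null;` and `getValue(String, String)` to `return "";`, which discards every configured value and ignores the caller's default `want`. The constructor no longer loads or decrypts the property files and never fills `FILE_FILTERS`, so whatever consults the upload extension list (outside this hunk) sees an empty map. The same approach is repeated in Html2File, IPSeeker, PlanUtil, JRView, SoundRecordingController, AirCarrierController and AirlineVerifyController, where each feature is switched off rather than fixed. I would restore the bodies and validate paths where a file is actually opened, comparing the normalised path with its base directory (`target.normalize().startsWith(root)`) rather than searching configuration keys and values for `../`.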
......@@ -37,95 +37,95 @@ public class Html2File {
public static UploadFileBean convertHtml2Word(String htmlBody) {
// 去掉textarea标签
String regEx_style = "<textarea[^>]*?>";
Pattern p_script = Pattern.compile(regEx_style, Pattern.CASE_INSENSITIVE);
Matcher m_script = p_script.matcher(htmlBody);
htmlBody = m_script.replaceAll("");
htmlBody= htmlBody.replaceAll("<\\/textarea>", "");
// String regEx_style = "<textarea[^>]*?>";
//
// Pattern p_script = Pattern.compile(regEx_style, Pattern.CASE_INSENSITIVE);
// Matcher m_script = p_script.matcher(htmlBody);
// htmlBody = m_script.replaceAll("");
//
// htmlBody= htmlBody.replaceAll("<\\/textarea>", "");
UploadFileBean fileBean = new UploadFileBean();
fileBean.setPath(null);
ByteArrayInputStream bais = null;
FileOutputStream ostream = null;
try {
fileBean.setExtesion(".doc");
String date = new SimpleDateFormat("yyyyMMddHHmmss").format(new java.util.Date());
// 待扩展名称的MOD5
String md5 = date + Util.getRandom(100000, 999999) + ".doc";
// 文件保存路径:基本路径+模块名称+日期
String baseDatePath = StrUtil.replace(StrUtil.replace(PathFormatUtils.parse(PATH_FORMAt),"../",""),"..\\","");// FORMAT.format(System.currentTimeMillis());
String basePath = "doc" + GConstants.FS;
// String outputFile =
// baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath+md5;
// String outputFile = "D:/2016/09/214/"+md5;
StringBuffer html = new StringBuffer();
// DOCTYPE 必需写否则类似于 这样的字符解析会出现错误
html.append("<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" ");
html.append("\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">");
html.append("<html xmlns=\"http://www.w3.org/1999/xhtml\">");
html.append("<head>");
html.append("<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />");
html.append("<style type=\"text/css\" mce_bogus=\"1\">");
html.append("body {font-family: SimSun;} ");
html.append("table ");
html.append("{ ");
html.append("border-collapse: collapse; ");
html.append("border: none; ");
// html.append("width: 200px; ");
html.append("} ");
html.append("td ");
html.append("{ ");
html.append("border: solid #000 1px;");
html.append("} ");
html.append("</style>");
html.append("<style type=\"text/css\">img {width: 700px;}</style>");
html.append("</head>");
html.append("<body>");
html.append("<center>");
// System.out.println("-----------" + formText);
html.append(htmlBody);
html.append("</center>");
html.append("</body></html>");
byte buf[] = html.toString().getBytes("UTF-8");
fileBean.setSize(buf.length);
bais = new ByteArrayInputStream(buf);
// fileBean.setPath(null);
// ByteArrayInputStream bais = null;
// FileOutputStream ostream = null;
// try {
// fileBean.setExtesion(".doc");
// String date = new SimpleDateFormat("yyyyMMddHHmmss").format(new java.util.Date());
// // 待扩展名称的MOD5
// String md5 = date + Util.getRandom(100000, 999999) + ".doc";
// // 文件保存路径:基本路径+模块名称+日期
// String baseDatePath = StrUtil.replace(StrUtil.replace(PathFormatUtils.parse(PATH_FORMAt),"../",""),"..\\","");// FORMAT.format(System.currentTimeMillis());
// String basePath = "doc" + GConstants.FS;
// // String outputFile =
// // baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath+md5;
// // String outputFile = "D:/2016/09/214/"+md5;
// StringBuffer html = new StringBuffer();
// // DOCTYPE 必需写否则类似于 这样的字符解析会出现错误
// html.append("<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" ");
// html.append("\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">");
// html.append("<html xmlns=\"http://www.w3.org/1999/xhtml\">");
// html.append("<head>");
// html.append("<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />");
// html.append("<style type=\"text/css\" mce_bogus=\"1\">");
// html.append("body {font-family: SimSun;} ");
// html.append("table ");
// html.append("{ ");
// html.append("border-collapse: collapse; ");
// html.append("border: none; ");
// // html.append("width: 200px; ");
// html.append("} ");
// html.append("td ");
// html.append("{ ");
// html.append("border: solid #000 1px;");
// html.append("} ");
// html.append("</style>");
// html.append("<style type=\"text/css\">img {width: 700px;}</style>");
// html.append("</head>");
// html.append("<body>");
//
// html.append("<center>");
//// System.out.println("-----------" + formText);
// html.append(htmlBody);
// html.append("</center>");
//
// html.append("</body></html>");
//
// byte buf[] = html.toString().getBytes("UTF-8");
// fileBean.setSize(buf.length);
// bais = new ByteArrayInputStream(buf);
//
// String md5 = DigestUtils.md5Hex(buf);
String baseDir=StrUtil.replace(StrUtil.replace(baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath,"../",""),"..\\","");
// 上传文件基本地址
String path = GConstants.FILE_UPLOAD_DIR + baseDir;
if(StrUtil.contains(path,"../")||StrUtil.contains(path,"..\\")){
throw new RuntimeException("文件路径非法");
}
File baseUploadDir = new File(path);
if (!baseUploadDir.exists()) {// 如果文件夹不存在则创建
baseUploadDir.mkdirs();
}
POIFSFileSystem poifs = new POIFSFileSystem();
DirectoryEntry directory = poifs.getRoot();
directory.createDocument("WordDocument", bais);
// 文件保存地址
File uploadFilePath = new File(baseUploadDir, md5);
ostream = new FileOutputStream(uploadFilePath);
poifs.writeFilesystem(ostream);
String path=baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath + md5;
fileBean.setPath(path);
uploadFile(path,baseDir,buf);
} catch (Exception e) {
// TODO: handle exception
} finally {
IOUtils.closeQuietly(bais);
IOUtils.closeQuietly(ostream);
}
// String baseDir=StrUtil.replace(StrUtil.replace(baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath,"../",""),"..\\","");
// // 上传文件基本地址
// String path = GConstants.FILE_UPLOAD_DIR + baseDir;
// if(StrUtil.contains(path,"../")||StrUtil.contains(path,"..\\")){
// throw new RuntimeException("文件路径非法");
// }
// File baseUploadDir = new File(path);
// if (!baseUploadDir.exists()) {// 如果文件夹不存在则创建
//
// baseUploadDir.mkdirs();
// }
// POIFSFileSystem poifs = new POIFSFileSystem();
// DirectoryEntry directory = poifs.getRoot();
// directory.createDocument("WordDocument", bais);
// // 文件保存地址
// File uploadFilePath = new File(baseUploadDir, md5);
// ostream = new FileOutputStream(uploadFilePath);
// poifs.writeFilesystem(ostream);
// String path=baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath + md5;
// fileBean.setPath(path);
//
// uploadFile(path,baseDir,buf);
// } catch (Exception e) {
// // TODO: handle exception
// } finally {
// IOUtils.closeQuietly(bais);
// IOUtils.closeQuietly(ostream);
// }
return fileBean;
}
......
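Review bot: `convertHtml2Word` now returns a bare `UploadFileBean` with no path, size or extension, so a caller that reads `getPath()` (AirlineVerifyController did before this commit) gets null. When the body is restored, note that `StrUtil.replace(..., "../", "")` on the `baseDatePath` and `baseDir` lines is a single-pass strip and not a dependable sanitiser; build the directory with `Paths.get(GConstants.FILE_UPLOAD_DIR, baseDir).normalize()` and reject it unless it `startsWith` the normalised upload root. `htmlBody` is appended into the document unescaped, and the textarea stripping that preceded it is commented out too, so whatever produces that HTML (outside this hunk) has to be trusted or sanitised. As shown, the commented block also declares `String path` twice inside the same `try`, which would not compile if it were simply uncommented.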
......@@ -68,55 +68,55 @@ public final class IPSeeker {
private static IPSeeker INS = new IPSeeker();
private IPSeeker() {
String dir = GConstants.getValue("geoip.db.dir", null);
try {
if(dir == null || dir.length() == 0){
dir = IPSeeker.class.getResource("/").getPath();
if (dir != null && dir.contains("WEB-INF")) {// 是WEB项目的时候获取WebContent下的路径
dir = dir.substring(0, dir.indexOf("WEB-INF"))+"res"+GConstants.FS;
} else {// 非WEB项目获取当前路径
File file = new File("");
dir = file.getAbsolutePath()+GConstants.FS+"res"+GConstants.FS;
}
}
String path = dir + "QQWry.dat";
if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) {
throw new RuntimeException("IP数据库文件QQWry.dat路径错误");
}
File db = new File(path);
LOG.info("加载QQWry.dat数据:"+db.getAbsolutePath());
if(db.exists()){
this.ipFile = new RandomAccessFile(db, "r");
if (this.ipFile != null) {
this.ipBegin = readLong4(0L);
this.ipEnd = readLong4(4L);
if ((this.ipBegin == -1L) || (this.ipEnd == -1L)) {
this.ipFile.close();
this.ipFile = null;
}
}
LOG.info("成功加载QQWry.dat数据库");
}
} catch (Exception e) {
LOG.error("QQWry.dat数据库不可用");
e.printStackTrace();
}
try {
String path = dir + "GeoLite2-City.mmdb";
if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) {
return ;
}
File db = new File(path);
LOG.info("加载GeoLite2-City.mmdb数据:"+db.getAbsolutePath());
if(db.exists()){
reader = new DatabaseReader.Builder(db).build();
LOG.info("成功加载GeoLite2-City.mmdb数据库");
}
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
LOG.error("GeoLite2-City.mmdb数据库不可用");
}
// String dir = GConstants.getValue("geoip.db.dir", null);
// try {
// if(dir == null || dir.length() == 0){
// dir = IPSeeker.class.getResource("/").getPath();
// if (dir != null && dir.contains("WEB-INF")) {// 是WEB项目的时候获取WebContent下的路径
// dir = dir.substring(0, dir.indexOf("WEB-INF"))+"res"+GConstants.FS;
// } else {// 非WEB项目获取当前路径
// File file = new File("");
// dir = file.getAbsolutePath()+GConstants.FS+"res"+GConstants.FS;
// }
// }
// String path = dir + "QQWry.dat";
// if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) {
// throw new RuntimeException("IP数据库文件QQWry.dat路径错误");
// }
// File db = new File(path);
// LOG.info("加载QQWry.dat数据:"+db.getAbsolutePath());
// if(db.exists()){
// this.ipFile = new RandomAccessFile(db, "r");
// if (this.ipFile != null) {
// this.ipBegin = readLong4(0L);
// this.ipEnd = readLong4(4L);
// if ((this.ipBegin == -1L) || (this.ipEnd == -1L)) {
// this.ipFile.close();
// this.ipFile = null;
// }
// }
// LOG.info("成功加载QQWry.dat数据库");
// }
// } catch (Exception e) {
// LOG.error("QQWry.dat数据库不可用");
// e.printStackTrace();
// }
// try {
// String path = dir + "GeoLite2-City.mmdb";
// if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) {
// return ;
// }
// File db = new File(path);
// LOG.info("加载GeoLite2-City.mmdb数据:"+db.getAbsolutePath());
// if(db.exists()){
// reader = new DatabaseReader.Builder(db).build();
// LOG.info("成功加载GeoLite2-City.mmdb数据库");
// }
// } catch (Exception e) {
// // TODO Auto-generated catch block
// e.printStackTrace();
// LOG.error("GeoLite2-City.mmdb数据库不可用");
// }
}
public static IPSeeker getInstance() {
......
......@@ -36,49 +36,49 @@ import com.ejweb.modules.verify.entity.ConnectionPlan;
public class PlanUtil {
public static List<ConnectionPlan> planlist(String fileName,String filePath){
//读取文件
try {
//获取目标文件的绝对路径
String fullFileName = GConstants.FILE_UPLOAD_DIR+filePath;
if (StrUtil.contains(fullFileName, "../")||StrUtil.contains(fullFileName, "..\\")) {
return null;
}
InputStream in = null;
in = new FileInputStream(fullFileName);
ImportExcel ei = new ImportExcel(fileName,in, 1, 0);
try {
List<ConnectionPlan> lst = ei.getDataList(ConnectionPlan.class);
List<ConnectionPlan> list=new ArrayList<ConnectionPlan>();
for(ConnectionPlan p:lst){
p.setField10(getTime(p.getField10()));
p.setField11(getTime(p.getField11()));
p.setField13(getTime(p.getField13()));
p.setField14(getTime(p.getField14()));
p.setField17(getTime(p.getField17()));
p.setField18(getTime(p.getField18()));
if(StringUtils.isNoneBlank(p.getField1())){
list.add(p);
}
}
return list;
} catch (InstantiationException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IllegalAccessException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
} catch (FileNotFoundException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (InvalidFormatException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
// try {
//
// //获取目标文件的绝对路径
// String fullFileName = GConstants.FILE_UPLOAD_DIR+filePath;
// if (StrUtil.contains(fullFileName, "../")||StrUtil.contains(fullFileName, "..\\")) {
// return null;
// }
// InputStream in = null;
// in = new FileInputStream(fullFileName);
// ImportExcel ei = new ImportExcel(fileName,in, 1, 0);
// try {
// List<ConnectionPlan> lst = ei.getDataList(ConnectionPlan.class);
// List<ConnectionPlan> list=new ArrayList<ConnectionPlan>();
// for(ConnectionPlan p:lst){
//
// p.setField10(getTime(p.getField10()));
// p.setField11(getTime(p.getField11()));
// p.setField13(getTime(p.getField13()));
// p.setField14(getTime(p.getField14()));
// p.setField17(getTime(p.getField17()));
// p.setField18(getTime(p.getField18()));
// if(StringUtils.isNoneBlank(p.getField1())){
// list.add(p);
// }
// }
// return list;
// } catch (InstantiationException e) {
// // TODO Auto-generated catch block
// e.printStackTrace();
// } catch (IllegalAccessException e) {
// // TODO Auto-generated catch block
// e.printStackTrace();
// }
// } catch (FileNotFoundException e) {
// // TODO Auto-generated catch block
// e.printStackTrace();
// } catch (InvalidFormatException e) {
// // TODO Auto-generated catch block
// e.printStackTrace();
// } catch (IOException e) {
// // TODO Auto-generated catch block
// e.printStackTrace();
// }
return null;
}
private static String getTime(String f){
......
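Review bot: `planlist` now falls straight through to `return null;`, so plan import is disabled rather than protected. The original guard only searched `fullFileName` for `../`, and the `FileInputStream` it opened was never closed. I would restore the body, normalise the concatenated path and require it to stay under the upload root, and open the stream in try-with-resources, as sketched below. `normalize()` does not resolve symbolic links, so compare `toRealPath()` results instead if the upload tree can contain them.

```java
public static List<ConnectionPlan> planlist(String fileName,String filePath){
    try {
        // Normalise first, then require the result to stay under the upload root.
        Path root = Paths.get(GConstants.FILE_UPLOAD_DIR).toAbsolutePath().normalize();
        Path target = Paths.get(GConstants.FILE_UPLOAD_DIR + filePath).toAbsolutePath().normalize();
        if (!target.startsWith(root)) {
            return null;
        }
        // try-with-resources closes the stream on every exit path
        try (InputStream in = Files.newInputStream(target)) {
            ImportExcel ei = new ImportExcel(fileName, in, 1, 0);
            // … unchanged: getDataList loop, getTime normalisation, return list …
        // … unchanged: InstantiationException / IllegalAccessException handling …
    // … unchanged: outer catch blocks and final return null …
```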
......@@ -26,79 +26,79 @@ public class JRView extends JasperReportsMultiFormatView {
}
protected JasperPrint fillReport(final Map<String, Object> model) throws Exception {
if (model.containsKey("url")) {
// setUrl(String.valueOf(model.get("url")));
this.report = loadReport(new Resource() {
@Override
public boolean exists() {
return new File(String.valueOf(model.get("url"))).isFile();
}
@Override
public boolean isReadable() {
return false;
}
@Override
public boolean isOpen() {
return false;
}
@Override
public URL getURL() throws IOException {
return null;
}
@Override
public URI getURI() throws IOException {
return null;
}
@Override
public File getFile() throws IOException {
return new File(String.valueOf(model.get("url")));
}
@Override
public long contentLength() throws IOException {
return 0;
}
@Override
public long lastModified() throws IOException {
return 0;
}
@Override
public Resource createRelative(String relativePath) throws IOException {
return null;
}
@Override
public String getFilename() {
return new File(String.valueOf(model.get("url"))).getName();
}
@Override
public String getDescription() {
return null;
}
@Override
public InputStream getInputStream() throws IOException {
String url = String.valueOf(model.get("url"));
if (StrUtil.contains(url,"../")||StrUtil.contains(url,"..\\")) {
throw new RuntimeException("文件路径不合法");
}
return new FileInputStream(url);
}
});
}
if (model.containsKey("exportFileName")) {
Properties properties = new Properties();
properties.setProperty("Content-Disposition", "attachment; filename=" + new String(String.valueOf(model.get("exportFileName")).getBytes("gbk"), "ISO8859-1"));
setHeaders(properties);
}
// if (model.containsKey("url")) {
//// setUrl(String.valueOf(model.get("url")));
// this.report = loadReport(new Resource() {
// @Override
// public boolean exists() {
// return new File(String.valueOf(model.get("url"))).isFile();
// }
//
// @Override
// public boolean isReadable() {
// return false;
// }
//
// @Override
// public boolean isOpen() {
// return false;
// }
//
// @Override
// public URL getURL() throws IOException {
// return null;
// }
//
// @Override
// public URI getURI() throws IOException {
// return null;
// }
//
// @Override
// public File getFile() throws IOException {
// return new File(String.valueOf(model.get("url")));
// }
//
// @Override
// public long contentLength() throws IOException {
// return 0;
// }
//
// @Override
// public long lastModified() throws IOException {
// return 0;
// }
//
// @Override
// public Resource createRelative(String relativePath) throws IOException {
// return null;
// }
//
// @Override
// public String getFilename() {
// return new File(String.valueOf(model.get("url"))).getName();
// }
//
// @Override
// public String getDescription() {
// return null;
// }
//
// @Override
// public InputStream getInputStream() throws IOException {
// String url = String.valueOf(model.get("url"));
// if (StrUtil.contains(url,"../")||StrUtil.contains(url,"..\\")) {
// throw new RuntimeException("文件路径不合法");
// }
// return new FileInputStream(url);
// }
// });
// }
// if (model.containsKey("exportFileName")) {
// Properties properties = new Properties();
// properties.setProperty("Content-Disposition", "attachment; filename=" + new String(String.valueOf(model.get("exportFileName")).getBytes("gbk"), "ISO8859-1"));
// setHeaders(properties);
// }
return super.fillReport(model);
}
......
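Review bot: With the block commented out, `fillReport` ignores `model.get("url")` and `exportFileName` and only delegates to `super.fillReport(model)`, so reports selected by URL and the download file name no longer work. In the original anonymous `Resource`, only `getInputStream()` checked the path, while `exists()`, `getFile()` and `getFilename()` used the same model value unchecked, so the validation belongs in one place before the `Resource` is built. Resolve the value once against a fixed report directory, reject it unless the normalised path `startsWith` that directory, and have every method use the resulting `File`. The `exportFileName` value is also concatenated into `Content-Disposition` as is; if it can come from a request, strip CR/LF and quote characters before calling `setHeaders`.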
......@@ -85,39 +85,39 @@ public class SoundRecordingController {
SoundRecordingDownloadBean bean = requestBean.getObjectBean(SoundRecordingDownloadBean.class);
String message = soundRecordingService.validate(bean);
if (message == null) {
ServletOutputStream outputStream = null;
InputStream inputStream = null;
HttpURLConnection urlCon = null;
try {
bean.setDownloadUrl(bean.getDownloadUrl().replaceAll("\\\\", "/"));
if (!StrUtil.contains(bean.getDownloadUrl(), "https://ifos.jdair.ne")) {
throw new RuntimeException("录音文件地址不合法");
}
String fileName = bean.getDownloadUrl().substring(bean.getDownloadUrl().lastIndexOf("/") + 1, bean.getDownloadUrl().length());
response.setHeader("Content-Disposition", "attachment;filename=" + new String(fileName.getBytes("gbk"), "ISO8859-1"));
outputStream = response.getOutputStream();
URL url = new URL(bean.getDownloadUrl());
urlCon = (HttpURLConnection)url.openConnection();
urlCon.setConnectTimeout(30000);
urlCon.setReadTimeout(30000); //最多连接30秒
inputStream = urlCon.getInputStream();
byte []bytes = new byte[1024];
int len = 0;
while ((len = inputStream.read(bytes, 0, bytes.length)) != -1) {
outputStream.write(bytes, 0, len);
outputStream.flush();
}
} catch (IOException e) {
e.printStackTrace();
} finally {
if (urlCon != null) {urlCon.disconnect();}
try {
if (inputStream != null) {inputStream.close();}
if (outputStream != null) {outputStream.close();}
} catch (IOException e) {
e.printStackTrace();
}
}
// ServletOutputStream outputStream = null;
// InputStream inputStream = null;
// HttpURLConnection urlCon = null;
// try {
// bean.setDownloadUrl(bean.getDownloadUrl().replaceAll("\\\\", "/"));
// if (!StrUtil.contains(bean.getDownloadUrl(), "https://ifos.jdair.ne")) {
// throw new RuntimeException("录音文件地址不合法");
// }
// String fileName = bean.getDownloadUrl().substring(bean.getDownloadUrl().lastIndexOf("/") + 1, bean.getDownloadUrl().length());
// response.setHeader("Content-Disposition", "attachment;filename=" + new String(fileName.getBytes("gbk"), "ISO8859-1"));
// outputStream = response.getOutputStream();
// URL url = new URL(bean.getDownloadUrl());
// urlCon = (HttpURLConnection)url.openConnection();
// urlCon.setConnectTimeout(30000);
// urlCon.setReadTimeout(30000); //最多连接30秒
// inputStream = urlCon.getInputStream();
// byte []bytes = new byte[1024];
// int len = 0;
// while ((len = inputStream.read(bytes, 0, bytes.length)) != -1) {
// outputStream.write(bytes, 0, len);
// outputStream.flush();
// }
// } catch (IOException e) {
// e.printStackTrace();
// } finally {
// if (urlCon != null) {urlCon.disconnect();}
// try {
// if (inputStream != null) {inputStream.close();}
// if (outputStream != null) {outputStream.close();}
// } catch (IOException e) {
// e.printStackTrace();
// }
// }
return null;
} else {
// 参数校验为通过
......
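Review bot: A validated request now reaches `return null;` without streaming anything, so the recording download is switched off rather than fixed; the method begins and ends outside this hunk. The original guard, `StrUtil.contains(bean.getDownloadUrl(), "https://ifos.jdair.ne")`, is a substring test, so it does not pin the host, and the literal itself looks truncated. When restoring the code, parse the URL and compare scheme and host exactly, e.g. `URI u = URI.create(bean.getDownloadUrl());` followed by `if (!"https".equals(u.getScheme()) || !ALLOWED_HOST.equalsIgnoreCase(u.getHost())) throw new RuntimeException("录音文件地址不合法");`, with `ALLOWED_HOST` a constant you define, and call `urlCon.setInstanceFollowRedirects(false)` so a redirect cannot leave that host. The `fileName` cut from the URL goes into `Content-Disposition` unfiltered and should be reduced to a safe character set first.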
......@@ -114,95 +114,95 @@ public class AirCarrierController {
public ResponseBean findAirCarrierFlightList(RequestBean requestBean){
ResponseBean responseBean = new ResponseBean();
//
AirCarrierDetailBean bean = requestBean.getObjectBean(AirCarrierDetailBean.class);
String message = airCarrierService.validate(bean);
if(message == null){// 数据校验通过
if(StringUtils.isBlank(bean.getQueryDate())){// 默认日期为当天
SimpleDateFormat format=new SimpleDateFormat("yyyy-MM-dd");
String today=format.format(System.currentTimeMillis());
bean.setQueryDate(today);
}
List<AirCarrierFlightListEntity> list = airCarrierService.findAirCarrierFlightList(bean);
if(list == null || list.size() == 0){
responseBean.setData(list);
responseBean.setMessage(GConstants.EMPTY);
responseBean.setStatus(ErrorCode.STATUS_CODE_2001);
return responseBean;
}
//最新同步时间
Date latestModifyTime = flightService.getLatestModify();
for(AirCarrierFlightListEntity flight:list){
flight.setLatestModifyTime(latestModifyTime);
// 设置机组人员信息
flight.setCrewList(airCarrierService.getFlightCrewGroupList(flight.getFlightNo(), flight.getFlightDate(),
flight.getAcLongNo(), flight.getDepStn(), flight.getArrStn(), bean.getNeedOnlineState()));
// flight.setCrewList(flightService.getFlightCrewList(flight.getFlightNo()));
// 起飞机场联系人列表
flight.setDepContactList(airportContactService.findAirportContactList(flight.getDepStn()));
// 到达机场联系人列表
flight.setArrContactList(airportContactService.findAirportContactList(flight.getArrStn()));
// 开航指令下载地址
SailingFileEntity sailingFile = sailingFileService.getSailingFileByAirLine(flight.getAcLongNo(),
flight.getDepStn(), flight.getArrStn());
if(sailingFile != null && StringUtils.isNotBlank(sailingFile.getFilePath())){
flight.setSailingFile(Util.getAbsoluteUrl(sailingFile.getFilePath()));
}
// flight.setSailingFile("http://www.gdcrj.com/wsfwdt/bgxz/gdly0902.doc");
// 获取到的机场的所有场站的席位列表
// flight.setDepSeatList(seatService.findSeatListByIata(flight.getDepStn()));// 起飞机场席位列表
// flight.setArrSeatList(seatService.findSeatListByIata(flight.getArrStn()));// 到达机场席位列表
List<SeatListEntity> depSeatList = seatService.findSeatListByIata(flight.getDepStn());// 起飞机场席位列表
List<SeatListEntity> arrSeatList = seatService.findSeatListByIata(flight.getArrStn());// 到达机场席位列表
flight.setDepSeatList(depSeatList);// 起飞机场席位列表
flight.setArrSeatList(arrSeatList);// 到达机场席位列表
if(depSeatList != null && depSeatList.size()>0){// 获取起飞组合头像
List<String> avatarList = new ArrayList<String>();
for(SeatListEntity seat:depSeatList){
if(StringUtils.isNotBlank(seat.getPhoto())){
avatarList.add(GConstants.FILE_UPLOAD_DIR+seat.getPhoto());
}
}
String depSeatAvatar = ImageUtil.combine(avatarList);
if(StringUtils.isNotBlank(depSeatAvatar)){
flight.setDepSeatAvatar(Util.getAbsoluteUrl(depSeatAvatar));
}
}
if(arrSeatList != null && arrSeatList.size()>0){// 获取到达组合头像
List<String> avatarList = new ArrayList<String>();
for(SeatListEntity seat:arrSeatList){
if(StringUtils.isNotBlank(seat.getPhoto())){
avatarList.add(GConstants.FILE_UPLOAD_DIR+seat.getPhoto());
}
}
String arrSeatAvatar = ImageUtil.combine(avatarList);
if(StringUtils.isNotBlank(arrSeatAvatar)){
flight.setArrSeatAvatar(Util.getAbsoluteUrl(arrSeatAvatar));
}
}
}
responseBean.setData(list);
responseBean.setMessage(GConstants.OK);
responseBean.setStatus(ErrorCode.STATUS_CODE_2000);
return responseBean;
}
// if(message == null){// 数据校验通过
//
// if(StringUtils.isBlank(bean.getQueryDate())){// 默认日期为当天
// SimpleDateFormat format=new SimpleDateFormat("yyyy-MM-dd");
// String today=format.format(System.currentTimeMillis());
// bean.setQueryDate(today);
// }
// List<AirCarrierFlightListEntity> list = airCarrierService.findAirCarrierFlightList(bean);
// if(list == null || list.size() == 0){
//
// responseBean.setData(list);
// responseBean.setMessage(GConstants.EMPTY);
// responseBean.setStatus(ErrorCode.STATUS_CODE_2001);
// return responseBean;
// }
//
// //最新同步时间
// Date latestModifyTime = flightService.getLatestModify();
//
// for(AirCarrierFlightListEntity flight:list){
// flight.setLatestModifyTime(latestModifyTime);
// // 设置机组人员信息
// flight.setCrewList(airCarrierService.getFlightCrewGroupList(flight.getFlightNo(), flight.getFlightDate(),
// flight.getAcLongNo(), flight.getDepStn(), flight.getArrStn(), bean.getNeedOnlineState()));
//// flight.setCrewList(flightService.getFlightCrewList(flight.getFlightNo()));
//
// // 起飞机场联系人列表
// flight.setDepContactList(airportContactService.findAirportContactList(flight.getDepStn()));
//
// // 到达机场联系人列表
// flight.setArrContactList(airportContactService.findAirportContactList(flight.getArrStn()));
//
// // 开航指令下载地址
// SailingFileEntity sailingFile = sailingFileService.getSailingFileByAirLine(flight.getAcLongNo(),
// flight.getDepStn(), flight.getArrStn());
// if(sailingFile != null && StringUtils.isNotBlank(sailingFile.getFilePath())){
//
// flight.setSailingFile(Util.getAbsoluteUrl(sailingFile.getFilePath()));
// }
//// flight.setSailingFile("http://www.gdcrj.com/wsfwdt/bgxz/gdly0902.doc");
//
// // 获取到的机场的所有场站的席位列表
//// flight.setDepSeatList(seatService.findSeatListByIata(flight.getDepStn()));// 起飞机场席位列表
//// flight.setArrSeatList(seatService.findSeatListByIata(flight.getArrStn()));// 到达机场席位列表
//
// List<SeatListEntity> depSeatList = seatService.findSeatListByIata(flight.getDepStn());// 起飞机场席位列表
// List<SeatListEntity> arrSeatList = seatService.findSeatListByIata(flight.getArrStn());// 到达机场席位列表
//
// flight.setDepSeatList(depSeatList);// 起飞机场席位列表
// flight.setArrSeatList(arrSeatList);// 到达机场席位列表
// if(depSeatList != null && depSeatList.size()>0){// 获取起飞组合头像
// List<String> avatarList = new ArrayList<String>();
// for(SeatListEntity seat:depSeatList){
// if(StringUtils.isNotBlank(seat.getPhoto())){
//
// avatarList.add(GConstants.FILE_UPLOAD_DIR+seat.getPhoto());
// }
// }
// String depSeatAvatar = ImageUtil.combine(avatarList);
// if(StringUtils.isNotBlank(depSeatAvatar)){
//
// flight.setDepSeatAvatar(Util.getAbsoluteUrl(depSeatAvatar));
// }
// }
//
// if(arrSeatList != null && arrSeatList.size()>0){// 获取到达组合头像
// List<String> avatarList = new ArrayList<String>();
// for(SeatListEntity seat:arrSeatList){
// if(StringUtils.isNotBlank(seat.getPhoto())){
//
// avatarList.add(GConstants.FILE_UPLOAD_DIR+seat.getPhoto());
// }
// }
// String arrSeatAvatar = ImageUtil.combine(avatarList);
// if(StringUtils.isNotBlank(arrSeatAvatar)){
//
// flight.setArrSeatAvatar(Util.getAbsoluteUrl(arrSeatAvatar));
// }
// }
// }
//
// responseBean.setData(list);
// responseBean.setMessage(GConstants.OK);
// responseBean.setStatus(ErrorCode.STATUS_CODE_2000);
// return responseBean;
// }
responseBean.setMessage(message);
responseBean.setStatus(ErrorCode.STATUS_CODE_4001);
return responseBean;
......
......@@ -715,47 +715,47 @@ public class AirlineVerifyController {
}
sb.append("</tbody></table>");
UploadFileBean uploadFileBean = Html2File.convertHtml2Word(sb.toString());
if (StrUtil.contains(uploadFileBean.getPath(), "../")||StrUtil.contains(uploadFileBean.getPath(), "..\\")) {
throw new RuntimeException("文件名包含非法字符");
}
InputStream in = null;
OutputStream out = null;
try {
//设置文件MIME类型
response.setContentType("application/form-data;charset=utf-8");
String filename = name + ".doc";
String downloadFileName = new String(filename.getBytes("gbk"), "ISO8859-1");
String agent = (String) request.getHeader("USER-AGENT");
if (agent != null && agent.toLowerCase().indexOf("firefox") > 0) {
downloadFileName = "=?UTF-8?B?" + (new String(Base64.encodeBase64(filename.getBytes("UTF-8")))) + "?=";
}
//设置Content-Disposition
response.setHeader("Content-Disposition", "attachment; filename=" + downloadFileName);
//获取目标文件的绝对路径
String fullFileName = GConstants.FILE_UPLOAD_DIR + uploadFileBean.getPath();
if(StrUtil.contains(fullFileName,"../")||StrUtil.contains(fullFileName,"..\\")){
throw new RuntimeException("文件名包含非法字符");
}
//读取文件
in = new FileInputStream(fullFileName);
out = response.getOutputStream();
//写文件
int b;
while ((b = in.read()) != -1) {
out.write(b);
}
} catch (Exception e) {
// TODO: handle exception
} finally {
IOUtils.closeQuietly(in);
IOUtils.closeQuietly(out);
}
// sb.append("</tbody></table>");
//
// UploadFileBean uploadFileBean = Html2File.convertHtml2Word(sb.toString());
// if (StrUtil.contains(uploadFileBean.getPath(), "../")||StrUtil.contains(uploadFileBean.getPath(), "..\\")) {
// throw new RuntimeException("文件名包含非法字符");
// }
// InputStream in = null;
// OutputStream out = null;
// try {
//
// //设置文件MIME类型
// response.setContentType("application/form-data;charset=utf-8");
// String filename = name + ".doc";
// String downloadFileName = new String(filename.getBytes("gbk"), "ISO8859-1");
// String agent = (String) request.getHeader("USER-AGENT");
// if (agent != null && agent.toLowerCase().indexOf("firefox") > 0) {
// downloadFileName = "=?UTF-8?B?" + (new String(Base64.encodeBase64(filename.getBytes("UTF-8")))) + "?=";
// }
// //设置Content-Disposition
// response.setHeader("Content-Disposition", "attachment; filename=" + downloadFileName);
// //获取目标文件的绝对路径
// String fullFileName = GConstants.FILE_UPLOAD_DIR + uploadFileBean.getPath();
// if(StrUtil.contains(fullFileName,"../")||StrUtil.contains(fullFileName,"..\\")){
// throw new RuntimeException("文件名包含非法字符");
//
// }
// //读取文件
// in = new FileInputStream(fullFileName);
// out = response.getOutputStream();
//
// //写文件
// int b;
// while ((b = in.read()) != -1) {
// out.write(b);
// }
// } catch (Exception e) {
// // TODO: handle exception
// } finally {
// IOUtils.closeQuietly(in);
// IOUtils.closeQuietly(out);
// }
}
......